What is a Hash Salt?
A "hash salt" is a security technique used to enhance the protection of user passwords on websites. It is a randomly generated value, unique for each user, that is added to the password before the hashing process. This combination of password and salt is then run through a hash function, which turns it into a fixed-length, seemingly random string of characters called a "hash".
Adding salt makes brute-force attacks and dictionary attacks much more difficult because even common passwords produce different hashes for each user. This adds an extra layer of complexity and makes retrieving the original passwords practically impossible without knowing the salt value. Therefore, using hash salts is an essential element of website security, helping to protect users' confidential information and prevent data breaches.
How to generate the Hash Salt using the terminal
Simply type the following line in a terminal of your choice:
drush eval "var_dump(Drupal\Component\Utility\Crypt::randomBytesBase64(55))"
You will get a long string of characters like the one below:
string(74) "HM-IC11fTynJKT2hIgGVY6GyA_ONs5KHL6ZW3-iQOS2Lli1HukIA73MfeYBCUvLI8aL1H12Qvg"
Copy the value between the quotes (your own generated value, not the example shown here) and paste it into your /sites/default/settings.php file, like this:
$settings['hash_salt'] = 'HM-IC11fTynJKT2hIgGVY6GyA_ONs5KHL6ZW3-iQOS2Lli1HukIA73MfeYBCUvLI8aL1H12Qvg';
And that's it!
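The same generation step without Drush, as an added example that is not part of the original page or of Drupal's own code: the shell functions below (hypothetical names random_bytes_base64, is_valid_salt and write_salt_file) produce a 55-byte, URL-safe base64 value with the same 74-character shape as the output shown above and store it in an owner-only file. It assumes head, base64 and tr are available on the system.

```shell
# Added example (not Drupal's code). Function names are hypothetical.

# Print COUNT random bytes (default 55) as URL-safe base64 without padding:
# '+' becomes '-', '/' becomes '_', '=' and line breaks are dropped.
random_bytes_base64() {
  head -c "${1:-55}" /dev/urandom | base64 | tr -d '=\n' | tr '+/' '-_'
}

# Succeed only if the argument has the shape of a 55-byte salt:
# exactly 74 characters, all from the URL-safe base64 alphabet.
is_valid_salt() {
  [ "${#1}" -eq 74 ] || return 1
  case "$1" in
    *[!A-Za-z0-9_-]*) return 1 ;;
  esac
  return 0
}

# Write a fresh salt to FILE with owner-only permissions.
# Refuses to overwrite, so a salt already in use is not replaced by accident.
write_salt_file() {
  salt_file="$1"
  if [ -e "$salt_file" ]; then
    echo "refusing to overwrite $salt_file" >&2
    return 1
  fi
  new_salt="$(random_bytes_base64 55)" || return 1
  is_valid_salt "$new_salt" || return 1
  ( umask 077 && printf '%s' "$new_salt" > "$salt_file" )
}
```

settings.php can then load the value with $settings['hash_salt'] = file_get_contents('/path/outside/webroot/salt.txt'); where the path is a placeholder. This keeps the salt out of the settings file and out of version control.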